Friday, May 19, 2017

Tracking wired client behind Aruba AP

So you have a setup with Aruba RAPs that bridge their wired ports to a VLAN on the controller. The web interface only tracks wireless clients, so you have no idea which AP a client with a particular IP is connected to.

Log in to the controller CLI over SSH. Read-only access is enough; there is no need to be admin.

First we need to find the MAC address for the IP:

(PYONGYANG-WLC-1) #show arp | include 10.42.235.4
Protocol        Address         Hardware Address        Interface
Internet        10.42.235.4     A4:6F:D9:E8:FF:15       vlan2504

Now that we know the MAC, let's find the tunnel it's bridged over.

(PYONGYANG-WLC-1) #show datapath bridge | include A4:6F:D9:E8:FF:15

Datapath Bridge Table Entries
-----------------------------

Flags: P - Permanent, D - Deny, R - Roamed Client, M - Mobile, X - Xsec, A - Auth, T - Trusted

      MAC          VLAN  Assigned VLAN  Destination  Flags    Age
-----------------  ----  -------------  -----------  -------  ----
A4:6F:D9:E8:FF:15  2504  2504           tunnel 196            0

If you're interested, you can use the same command to check for any other clients connected to the same AP.

(PYONGYANG-WLC-1) #show datapath bridge | include "tunnel 196"
A4:6F:D9:E8:FF:15  2504  2504           tunnel 196            0
A4:6F:E5:15:37:08  2504  2504           tunnel 196            0
A4:6F:72:53:47:3E  2504  2504           tunnel 196            0

Now that we know the tunnel ID, we can use it to look up the temporary AP IP:

(PYONGYANG-WLC-1) #show datapath tunnel | include 196

Datapath Tunnel Table Entries
-----------------------------

Flags: E - Ether encap,  I - Wi-Fi encap,  R - Wired tunnel,  F - IP fragment OK
       W - WEP,  K - TKIP,  A - AESCCM,  G - AESGCM,  M - no mcast src filtering
       S - Single encrypt,  U - Untagged,  X - Tunneled node,  1(cert-id) - 802.1X Term-PEAP
       2(cert-id) - 802.1X Term-TLS,  T - Trusted,  L - No looping, d - Drop Bcast/Unknown Mcast,
       D - Decrypt tunnel,  a - Reduce ARP packets in the air, e - EAPOL only
       C - Prohibit new calls, P - Permanent, m - Convert multicast
       n - Convert RAs to unicast(VLAN Pooling/L3 Mobility enabled), s - Split tunnel
       V - enforce user vlan(open clients only)
       H - Standby (HA-Lite), c - IP Compression, g - PAN GlobalProtect Tunnel

#       Source           Destination    Prt  Type  MTU   VLAN Acls                     BSSID             Decaps     Encaps     Heartbeats Cpu QSz Flags  EncapKBytes  DecapKBytes
------  --------------  --------------  ---  ----  ----  ---- -----------------------  ----------------- ---------- ---------- ---------- --- --- ----- ------------- -----------
196     192.168.8.36    172.17.0.81     47   8110  1200  2504 0   0    2    0    0     00:1A:1E:01:45:13    2019039    1972939          0  13   0 TEPR

Almost there. Now just check which AP has that IP:

(PYONGYANG-WLC-1) #show ap database | include 172.17.0.81

Flags: U = Unprovisioned; N = Duplicate name; G = No such group; L = Unlicensed
       I = Inactive; D = Dirty or no config; E = Regulatory Domain Mismatch
       X = Maintenance Mode; P = PPPoE AP; B = Built-in AP; s = LACP striping
       R = Remote AP; R- = Remote AP requires Auth; C = Cellular RAP;
       c = CERT-based RAP; 1 = 802.1x authenticated AP; 2 = Using IKE version 2
       u = Custom-Cert RAP; S = Standby-mode AP; J = USB cert at AP
       i = Indoor; o = Outdoor
       M = Mesh node; Y = Mesh Recovery

AP Database
-----------
Name             Group             AP Type  IP Address    Status               Flags  Switch IP     Standby IP
----             -----             -------  ----------    ------               -----  ---------     ----------
PYONGYANG-RAP25  RAP-PYONGYANG    RAP-3WN  172.17.0.81   Up 11d:5h:15m:38s    Rc2    192.168.8.36  0.0.0.0

That's it. The problem client is connected to RAP25.
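The same four lookups chained over saved command output, as an added example that is not part of the original post. It matches whole fields instead of substrings, because `include 196` or `include 10.42.235.4` also hits rows such as tunnel 1196 or 10.42.235.40. The decoy rows and the function names are constructed for illustration, and the AP database parse assumes AP name, group and type contain no spaces.

```python
# Constructed sample: rows from the post's listings plus made-up decoy rows
# (10.42.235.40, tunnel 1196, PYONGYANG-RAP26) that a substring "include" also hits.
ARP = """\
Internet        10.42.235.40    A4:6F:D9:00:00:01       vlan2504
Internet        10.42.235.4     A4:6F:D9:E8:FF:15       vlan2504
"""
BRIDGE = """\
A4:6F:D9:00:00:01  2504  2504           tunnel 1196           0
A4:6F:D9:E8:FF:15  2504  2504           tunnel 196            0
A4:6F:E5:15:37:08  2504  2504           tunnel 196            0
"""
TUNNEL = """\
1196    192.168.8.36    172.17.0.196    47   8110  1200  2504 0   0    2    0    0     00:1A:1E:01:45:14
196     192.168.8.36    172.17.0.81     47   8110  1200  2504 0   0    2    0    0     00:1A:1E:01:45:13
"""
APDB = """\
PYONGYANG-RAP26  RAP-PYONGYANG    RAP-3WN  172.17.0.196  Up 2d:1h:0m:5s       Rc2    192.168.8.36  0.0.0.0
PYONGYANG-RAP25  RAP-PYONGYANG    RAP-3WN  172.17.0.81   Up 11d:5h:15m:38s    Rc2    192.168.8.36  0.0.0.0
"""

def rows(text):
    """Split saved CLI output into whitespace-separated fields, one list per line."""
    return [line.split() for line in text.splitlines() if line.strip()]

def first(text, col, value, want):
    """Field `want` of the first row whose field `col` equals `value` exactly."""
    for f in rows(text):
        if len(f) > max(col, want) and f[col].upper() == value.upper():
            return f[want]

def tunnel_for_mac(bridge, mac):
    """Tunnel id for a MAC; rows whose Destination is not a tunnel are skipped."""
    for f in rows(bridge):
        if len(f) > 4 and f[0].upper() == mac.upper() and f[3] == "tunnel":
            return f[4]

def macs_on_tunnel(bridge, tid):
    """Every MAC bridged over one tunnel, i.e. the wired clients behind one AP."""
    return [f[0] for f in rows(bridge) if f[3:5] == ["tunnel", tid]]

def locate(ip, arp=ARP, bridge=BRIDGE, tunnel=TUNNEL, apdb=APDB):
    """Chain the four lookups; any step that finds nothing leaves the rest None."""
    mac = first(arp, 1, ip, 2)                    # show arp: Address -> Hardware Address
    tid = mac and tunnel_for_mac(bridge, mac)     # show datapath bridge: MAC -> tunnel
    ap_ip = tid and first(tunnel, 0, tid, 2)      # show datapath tunnel: # -> Destination
    # Assumes AP name, group and type contain no spaces, so IP Address is field 3.
    ap = ap_ip and first(apdb, 3, ap_ip, 0)       # show ap database: IP Address -> Name
    return {"mac": mac, "tunnel": tid, "ap_ip": ap_ip, "ap": ap}
```

Calling `locate("10.42.235.4")` on the sample returns the MAC, tunnel 196, AP IP 172.17.0.81 and PYONGYANG-RAP25, the same chain the post walks by hand.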
